Beef Up Your Password By Memorising A Few ASCII Key Combos

Beef Up Your Password By Memorising A Few ASCII Key Combos

We’ve seen how easily weak passwords can be hacked, and we’ve also discussed how you can automatically generate and fill in secure passwords. Here’s a great technique to add an extra layer of security to your ASCII-based password.

ASCII characters are part of the US-ASCII code, which is the numerical representation of a character such as ‘a’ or ‘@’ or any key combination we use. Since these characters are recognised by all applications on Windows, they can be used anywhere. Including a couple of characters from the ASCII table in your password allows us to create some really tough passwords to crack.

If you’re a Windows geek, you may be familiar with the Alt + numeric pad key combination that creates ASCII characters which are not present on a regular keyboard.

These characters are less frequently included in brute force or dictionary attacks, which can act as first line of defence for your password against cracking. Many keyloggers would also not be able to log most of the characters from the ASCII code chart, which would render them useless.

If someone tried to guess your password and you have any ASCII character in it, they would need to know the exact key combination for that character before they get anywhere. In a way, the ASCII codes act as a password for your password.

Here is how it works:

When you press Alt + 16 in any text field in Windows, it will create a ► character and pressing Alt + 17 on the num pad gives a ◄. Go ahead, open up notepad and try it out or just open the Run dialog and try out any Alt + number combination.

I generally use a single ASCII character at the start and end of the password. So it looks something like ►mypassword◄. Here’s the video version:

Music by Gold’n Teasdale

A few password examples (ideally you won’t be using dictionary words in the rest of your password):

I♥newyork (Alt + 3) ♠inthehole (Alt + 6) ♫tomyears (Alt + 14)

Although it is not necessary to use these every time, some passwords are more important than others. I usually use these as a part of my master password for password managers like KeePass or as a part of Windows Logon password.

You should be careful while creating a password in KeePass as well as any other software, since it doesn’t display all the ASCII characters correctly. So choose the characters that are displayed correctly, so that you can refer to them when you type the passwords without the asterisks.

Advantages of this approach:

  • Works on all versions of Windows. Also works on majority of programs where a password is needed
  • First line of defence against keyloggers and dictionary attacks

Disadvantages of this approach:

  • Does not work on a mobile phone
  • In some ways, you may be better off just adding more characters to your password. See myth #10 on this password post.
  • ASCII key codes work differently on different operating systems. On Macs, you’d use an Option+key combination that’s different from the Windows code.

You can check the Mac and Linux symbols here and here and check if this process is valid for either of the OS’s.

You can refer to the complete ASCII (Alt + num) characters table for Windows here. Think creative and if you come up with some cool passwords using this technique, let us know (without giving too much away!) in the comments.


  • I guess this would depend on what type of checking the site does on the password entered.

    Also it would suck if you used it for something like your online banking and they then changed their password entry system to use an on-screen keyboard.

  • This is great until you use a laptop without a numeric keyboard. Then you have to stuff around with numlock buttons or Fn keys to activate the numeric keyboard within the normal keyboard.

  • I, myself, tend to use a binary password.

    I pick, say a letter or number, or a combination of a letter and a number, and use the binary representation as my password.

    8-16 bits is pretty good protection, and the chances are nobody trying to quickly get into your account will think of trying binary. Plus, because it is just 1’s and 0’s, it can be typed in pretty quickly once you become use to it.

    That’s my 2 cents worth anyway. Not the best solution for everyone, and definitely not fool proof (hackers are fluent in binary too obviously) but I find it more than antique.

    • Your method is pretty successful against being cracked or guessed, by brute force or dictionary attack. however, it’s relatively vulnerable to the old ‘somebody looking in your direction’ approach.

      If you’re clearly just hitting two keys 8 times – not moving your hand at all – then that’s a max of 256 possibilities. if they happen to see the first digit you type, it’s down to 128. More worryingly for me, the 0 and 1 keys on each keyboard I own sound quite different when you press them, and it’s pretty easy to remember a rhythmic pattern like that.

      They’re all less of an issue with a 16-character password, of course, and my point is only relevant if you’re typing passwords when somebody is actually in the room with you.

  • Passwords are bad, passphrases are a much better solution. An easy to remember sentence is very resilient to dictionary based attacks, and brute-force methods. This usually works a treat, if you type a lot day to day, then a decent passphrase can be hammered out in 4-5 seconds.

    Adding in spaces and punctuation increase the strength of the passphrase by a large amount. Most systems that store your password do so by calculating a hash from your password, this hash is a fixed size (sha1 for example is 20 characters long), therefore most systems have pretty arbitrary limits on the length of your chosen password.

    instead of “goat!!monkey$%^” which is unnatural to type
    try something like “I love to take long walks on the beach at sunset.”

Show more comments

Log in to comment on this story!